Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself
Vulnerability Description
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
不可信的搜索路径
Vulnerability Title
openSUSE openldap2代码问题漏洞
Vulnerability Description
openSUSE openldap2是德国SUSE公司的一个轻量级目录访问协议 v3 (LDAPv3) 的客户端和服务器参考实现。服务器提供了几个数据库后端和覆盖。 openSUSE openldap2 2.3.6至404.1之前的版本存在代码问题漏洞,该漏洞源于其允许控制ldap用户或组的本地攻击者利用不受信的搜索路径更改该用户/组的任意目录条目的所有权,导致升级到root权限。
CVSS Information
N/A
Vulnerability Type
N/A